K3S-HOME/platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
104 Commits 1 Branch 0 Tags
11a945011f82301e41f1978b0820793a2a6fbf8e
Commit Graph

37 Commits

Author SHA1 Message Date
Mayne0213
a91fe6ab2f PERF(argocd): optimize resources via VPA 
- Set controller CPU to 22m/839m, memory to 1388Mi/1861Mi
- Set server CPU to 15m/15m, memory to 163Mi/218Mi
- Set repoServer CPU to 15m/84m, memory to 225Mi/1310Mi
- Set redis CPU to 15m/15m, memory to 100Mi/100Mi
 2026-01-12 01:07:37 +09:00
Mayne0213
12db0af4cd PERF(argocd): optimize resources and pin controller to master 
- Move application-controller to control-plane node
- Adjust CPU request to VPA recommendation (476m)
- Reduce memory request/limit (1700Mi → 1324Mi)
- Update GOMEMLIMIT to 800MiB
- Reduce repo-server memory (1536Mi → 1200Mi)
 2026-01-12 00:02:55 +09:00
Mayne0213
010cd38390 Remove duplicate zot-creds.yaml ExternalSecret 
The zot-registry-credentials ExternalSecret was defined twice in argocd
namespace, causing ArgoCD duplicate resource warning. The image-updater-secret.yaml
already has the correct definition with the new Vault path (storage/zot).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 23:03:44 +09:00
Mayne0213
f50497e49e refactor: update Vault secret paths to new categorized structure 
- argocd: zot → storage/zot, github → platform/github, gitea → platform/gitea
- gitea-runner: gitea → platform/gitea, zot → storage/zot
- tekton: tekton → platform/tekton, zot → storage/zot

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 22:36:27 +09:00
Mayne0213
fa8a2dc805 CHORE(repo): add goldilocks labels to namespaces 
- Add goldilocks label to gitea namespace
- Add goldilocks label to argocd namespace
- Add goldilocks label to tekton-pipelines namespace
 2026-01-11 21:10:41 +09:00
Mayne0213
dfa2a0578e feat: Kaniko 기반 CI/CD 설정 
- gitea-runner: DinD 제거, Host 모드 전환
- gitea-runner: ServiceAccount, RBAC 추가
- gitea ns: zot-registry-credentials ExternalSecret 추가
- argocd ns: zot-registry-credentials ExternalSecret 추가

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 21:15:19 +09:00
Mayne0213
fa63d0f86a feat: add Gitea credentials and Actions runner 
- Add gitea-creds ExternalSecret for ArgoCD authentication to Gitea
- Enable Gitea Actions in helm-values.yaml
- Add gitea-runner deployment for CI/CD

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 20:38:03 +09:00
Mayne0213
5d54ee767a REFACTOR(argocd): separate image-updater manifests 
- Move ExternalSecrets to image-updater-manifests folder
- Add manifests source to image-updater Application
- Remove unnecessary ignoreDifferences from argocd
 2026-01-10 20:05:43 +09:00
Mayne0213
b174afbc0d FIX(argocd): add ignoreDifferences for API defaults 
- Ignore ExternalSecret default values from API server
- Ignore ServiceMonitor metric relabelings
 2026-01-10 20:03:07 +09:00
Mayne0213
b650c0af56 REFACTOR(argocd): merge priority-classes into argocd 
- Move priority-classes to argocd/manifests
- Remove separate priority-classes Application
- Simplify platform folder structure
 2026-01-10 19:47:30 +09:00
Mayne0213
81c42f67e9 REFACTOR(argocd): merge image-updater into argocd 
- Move image-updater Application to argocd folder
- Move helm-values and secrets to argocd
- Remove separate argocd-image-updater folder
- Update kustomization references
 2026-01-10 19:44:02 +09:00
Mayne0213
737873066d feat: increase argocd application-controller CPU request to 250m 2026-01-10 18:02:48 +09:00
Mayne0213
c38b944a96 REVERT(argocd): restore original resource values 
- Keep argocd controller at 126m/1700Mi
- Keep argocd server at 15m/138Mi
- Keep argocd repo-server at 15m/1536Mi
 2026-01-10 14:44:44 +09:00
Mayne0213
d079b8582a PERF(platform): use 20% memory increase instead of VPA 
- Update argocd controller memory 1700Mi→2040Mi (+20%)
- Update argocd server memory 138Mi→166Mi (+20%)
- Update argocd repo-server memory 1536Mi→1843Mi (+20%)
- Update cert-manager memory 96Mi→115Mi (+20%)
- Update cert-manager webhook memory 96Mi→115Mi (+20%)
- Update cert-manager cainjector memory 192Mi→230Mi (+20%)
 2026-01-10 14:37:21 +09:00
Mayne0213
26ca07623e PERF(platform): adjust resources based on VPA 
- Update argocd controller cpu 126m→350m, memory 1700Mi→640Mi
- Update argocd server memory 138Mi→121Mi
- Update argocd repo-server cpu 15m→49m, memory 1536Mi→933Mi
- Update argocd-image-updater cpu 10m→15m, memory 64Mi→100Mi
- Update cert-manager cpu 23m→15m, memory 96Mi→100Mi
- Update cert-manager webhook cpu 23m→15m, memory 96Mi→100Mi
- Update cert-manager cainjector cpu 23m→15m, memory 192Mi→237Mi
 2026-01-10 14:31:28 +09:00
Mayne0213
187d6aa668 PERF(argocd): increase repo-server memory 
- Increase memory from 960Mi to 1536Mi
- Prevent OOM during manifest generation
 2026-01-10 13:26:40 +09:00
Mayne0213
52c66f51ae PERF(argocd): move to workers, add high priority 
- Remove nodeSelector forcing control-plane placement
- Remove tolerations from ArgoCD and image-updater
- Add high-priority PriorityClass
 2026-01-10 13:14:07 +09:00
Mayne0213
03ca19b771 feat(argocd): enable ServiceMonitor for metrics collection 
- Add serviceMonitor.enabled: true to controller, server, repoServer
- Allows Prometheus to scrape ArgoCD metrics

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-10 03:36:29 +09:00
Mayne0213
97fd010eb8 FIX(argocd): increase repo-server memory to 960Mi 
- Repo-server was crashing under load with 640Mi limit
- Set both requests and limits to 960Mi
 2026-01-10 01:17:36 +09:00
Mayne0213
56af1a9a17 CHORE(resources): set memory limits equal to memory requests 
- Align memory limits with memory requests for guaranteed QoS class
- argocd: controller, server, repoServer, redis
- traefik: main container
- cert-manager: main, webhook, cainjector
- argocd-image-updater: main container
 2026-01-10 01:17:35 +09:00
Mayne0213
34277fb7e8 FEAT(argocd): enable metrics service endpoints 
- Add controller metrics on port 8082
- Add server metrics on port 8083
- Add repoServer metrics on port 8084
 2026-01-09 21:43:56 +09:00
Mayne0213
4a4ccd0c44 FIX(argocd): use control-plane nodeSelector 
- Change nodeSelector from master to control-plane
- K8s nodes have control-plane: "true" label
- Fix pod scheduling failure

FIX(argocd): use hostname instead of hosts for ingress

- Change from hosts array to hostname string
- Change tls from array to boolean
- Matches argo-cd Helm chart expected format

FIX(argocd): resolve SharedResourceWarning

- Change from including argocd/ folder to argocd/argocd.yaml only
- Namespace and webhook-ingress now managed by argocd app only
- Prevents duplicate resource management between platform and argocd
 2026-01-09 21:43:36 +09:00
Mayne0213
0d38963837 FEAT(argocd): enable GitOps self-management 
- Add ArgoCD Application for Helm chart deployment
- Add helm-values.yaml with custom settings
- Configure GOMEMLIMIT=400MiB, GOGC=50
- Disable reconciliation (webhook only)
- Enable anonymous access (Authelia handles auth)
- Move main ingress to helm-values.yaml
- Add separate webhook-ingress.yaml
- Remove ConfigMap files (now in helm-values)
 2026-01-09 21:43:36 +09:00
Mayne0213
bd1b3c9d85 FIX(argocd): disable app-resync to prevent periodic spikes 
- Set controller.app.resync to 0 (default 180s)
- Rely on webhook + selfHeal only
- Fixes 3-minute periodic reconciliation causing CPU/memory spikes
 2026-01-09 21:43:31 +09:00
Mayne0213
9f46c94dff Disable ArgoCD polling - webhook only 
- Set timeout.reconciliation to 0 (disabled)
- ArgoCD now relies solely on GitHub webhooks for refresh
- Reduces unnecessary reconciliation cycles
 2026-01-07 18:54:15 +09:00
Mayne0213
892b5dc815 FEAT(argocd): add webhook ingress without Authelia 
- Add separate ingress for /api/webhook path
- Exclude Authelia middleware for GitHub webhook
- Enable automatic refresh on git push events
 2026-01-07 16:11:59 +09:00
Mayne0213
045967b265 REFACTOR(argocd): move config files to manifests/ 
- Move namespace.yaml to manifests/
- Move argocd-cm.yaml to manifests/
- Move argocd-rbac-cm.yaml to manifests/
- Move argocd-cmd-params-cm.yaml to manifests/
- Move ingress.yaml to manifests/
 2026-01-06 15:42:19 +09:00
Mayne0213
f62c02a152 REVERT(repo): remove unused controllers yaml 
- ArgoCD deployments are not managed by this repo
- Use 'kubectl scale' to disable unused controllers instead
 2026-01-04 23:28:29 +09:00
Mayne0213
00dcd5aeea CHORE(argocd): disable unused ArgoCD controllers 
- notifications: Not using alerts
- applicationset: Not using ApplicationSet templates
- dex: Using Authelia SSO instead
- Saves ~200-300 MiB memory and removes 3-minute reconciliation loop
 2026-01-04 23:28:29 +09:00
Mayne0213
bce82706d3 CHORE(argocd): set argocd reconciliation interval 
- to 24h
- Reduce memory usage from frequent reconciliation (was 3min default)
- 53 applications checked every 3min caused ~1GiB memory fluctuation
- Manual Refresh/Sync still available when needed
 2026-01-04 23:28:29 +09:00
Mayne0213
408f1cc16b FEAT(authelia): add SSO to Vault and ArgoCD 
- Add Authelia SSO to vault and argocd ingress
- Enable single sign-on authentication
 2026-01-04 23:28:29 +09:00
Mayne0213
d80a212e6e REFACTOR(traefik): switch from HAProxy 
- to Traefik ingress controller
- Update all ingress files to use ingressClassName: traefik
- Update cert-manager ClusterIssuer to use traefik class
- Remove haproxy.org annotations from ingress files
- Update vault helm-values to use traefik
 2026-01-04 23:28:29 +09:00
Mayne0213
a3f5f038b2 FIX(argocd): restore namespace.yaml for ArgoCD 
- Restore namespace configuration for ArgoCD
- Special case for ArgoCD namespace
 2026-01-04 23:28:29 +09:00
Mayne0213
1d7970a42f REFACTOR(goldilocks): use managedNS for labels 
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
 2026-01-04 23:28:29 +09:00
Mayne0213
ce2ee8d39e REFACTOR(repo): restructure infra folder structure 
- Remove argocd/, helm-values/, ingress/ subdirectories
- Move files to parent directory with standardized names
- Add namespace.yaml to all apps with Goldilocks labels
- Preserve vault/ subdirectories (falco, velero)
- Update main kustomization.yaml to reference argocd.yaml files directly
- Comment out argocd.yaml in each app's kustomization.yaml to prevent
  circular reference

Applications restructured:
- cert-manager (2 ArgoCD apps)
- external-secrets
- reloader
- vault (2 ArgoCD apps)
- velero (2 ArgoCD apps)
- falco
- cnpg
- haproxy
- metallb
- vpa
- argocd
 2025-12-29 02:21:00 +09:00
Mayne0213
157e69d9cb CHORE(traefik): split centralized ingress to per-application 
- Moved ArgoCD ingress to argocd/ingress/
- Moved Velero ingress to velero/ingress/
- Removed centralized ingress/ingresses.yaml
- Each application now manages its own ingress independently
 2025-12-25 20:20:35 +09:00
Mayne0213
bdf974ac3e FEAT(argocd): add argocd insecure mode config 
- Created argocd-cmd-params-cm ConfigMap
- Set server.insecure: true to fix redirect loop
- ArgoCD will run in insecure mode (ingress handles TLS)
 2025-12-25 20:01:19 +09:00